From f563ddece04adfd8d80d4e984405f5c70a6c94f3 Mon Sep 17 00:00:00 2001
From: Gregor Kleen <gkleen@yggdrasil.li>
Date: Wed, 2 Nov 2022 18:20:24 +0100
Subject: surtr: borg backup to vidhar

---
 hosts/surtr/borg.nix           | 50 ++++++++++++++++++++++++++++++++++++++++++
 hosts/surtr/default.nix        |  2 +-
 hosts/surtr/matrix/default.nix |  4 ----
 3 files changed, 51 insertions(+), 5 deletions(-)
 create mode 100644 hosts/surtr/borg.nix

(limited to 'hosts')

diff --git a/hosts/surtr/borg.nix b/hosts/surtr/borg.nix
new file mode 100644
index 00000000..b9fe53d7
--- /dev/null
+++ b/hosts/surtr/borg.nix
@@ -0,0 +1,50 @@
+{ lib, config, ... }:
+
+with lib;
+
+{
+  config = {
+    services.borgsnap = {
+      enable = true;
+      target = "borg.vidhar:.";
+
+      extraConfig = mkForce {
+        daily = "31";
+        monthly = "-1";
+      };
+
+      sshConfig = ''
+        Include /etc/ssh/ssh_config
+
+        ControlMaster auto
+        ControlPath /var/lib/borg/.borgssh-master-%r@%n:%p
+        ControlPersist yes
+
+        Host borg.vidhar
+          HostName vidhar.yggdrasil.li
+          User borg
+          IdentityFile ${config.sops.secrets."append.borg.vidhar".path}
+          IdentitiesOnly yes
+
+          BatchMode yes
+          ServerAliveInterval 10
+          ServerAliveCountMax 30
+      '';
+    };
+
+    sops.secrets."append.borg.vidhar" = {
+      format = "binary";
+      sopsFile = ../vidhar/borg/jotnar/surtr;
+      owner = "borg";
+      group = "borg";
+      mode = "0400";
+    };
+
+    users.users.borg = {
+      useDefaultShell = true;
+      isSystemUser = true;
+      group = "borg";
+    };
+    users.groups.borg = {};
+  };
+}
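Review bot: In `sshConfig`, the three multiplexing lines sit above `Host borg.vidhar`, so they apply to every destination the borg user connects to, and `ControlPersist yes` keeps the authenticated master connection open indefinitely. While that socket exists under `/var/lib/borg`, any process running as `borg` can open new sessions to vidhar without reading the sops-managed key. I would move `ControlMaster auto`, the `ControlPath` line and the persist setting under the `Host borg.vidhar` block and bound the lifetime, e.g. `ControlPersist 10m`, assuming borgsnap does not depend on an unbounded master. Nothing in this file pins vidhar's host key; with `BatchMode yes` that presumably relies on a known-hosts entry configured elsewhere, so a short comment saying where it comes from would help. The secret name suggests an append-only key, but that restriction is enforced only on vidhar's side, which this diff does not show.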
diff --git a/hosts/surtr/default.nix b/hosts/surtr/default.nix
index f616d749..cebb2b6c 100644
--- a/hosts/surtr/default.nix
+++ b/hosts/surtr/default.nix
@@ -2,7 +2,7 @@
 {
   imports = with flake.nixosModules.systemProfiles; [
     tmpfs-root qemu-guest openssh rebuild-machines zfs
-    ./zfs.nix ./dns ./tls ./http ./bifrost ./matrix ./postgresql.nix ./prometheus ./email ./vpn
+    ./zfs.nix ./dns ./tls ./http ./bifrost ./matrix ./postgresql.nix ./prometheus ./email ./vpn ./borg.nix
   ];
 
   config = {
diff --git a/hosts/surtr/matrix/default.nix b/hosts/surtr/matrix/default.nix
index 46c2f338..f5a411ac 100644
--- a/hosts/surtr/matrix/default.nix
+++ b/hosts/surtr/matrix/default.nix
@@ -228,10 +228,6 @@ with lib;
       "turn.synapse.li" = {
         zone = "synapse.li";
         certCfg = {
-          server = "https://acme.zerossl.com/v2/DV90";
-          extraLegoFlags = [
-            "--cert.timeout" "300"
-          ];
           postRun = ''
             ${pkgs.systemd}/bin/systemctl try-restart coturn.service
           '';
-- 
cgit v1.2.3